IT Security Newsletter - 01/19/2021
OpenWRT Forum user data stolen in weekend data breach
The OpenWRT forum, a large community of enthusiasts of alternative, open-source operating systems for routers, announced a data breach. Forum administrators posted the announcement in a high-visibility area, explaining what happened and the risks to users stemming from exposing their data. The attack occurred on Saturday, around 04:00 (GMT), when an unauthorized third party gained admin access to and copied a list with details about forum users and related statistical information. READ MORE...
IObit forums hacked to spread ransomware to its members
Windows utility developer IObit was hacked over the weekend to perform a widespread attack to distribute the strange DeroHE ransomware to its forum members. IObit is a software developer known for Windows system optimization and anti-malware programs, such as Advanced SystemCare. Over the weekend, IObit forum members began receiving emails claiming to be from IObit stating that they are entitled to a free 1-year license to their software as a special perk of being a forum member. READ MORE...
Swanky Wentworth golf club hacked, details of 4000 members stolen in ransomware attack
Members of one of England's most exclusive golf clubs has warned its 4000 members that their personal details may have fallen into the hands of hackers following a ransomware attack. The prestigious private Wentworth golf and country club, whose members include high profile celebrities, sports stars, and top business people, has sent out an email offering its "profuse apologies" after its members' list was accessed by cybercriminals. READ MORE...
Symantec connects another hacking tool to SolarWinds campaign
Private sector analysts uncovered a new hacking tool thought to be used in a suspected Russian spying operation in the latest example of how, as the investigation into the SolarWinds breach continues, the plot only thickens. Security firm Symantec on Tuesday said it had found previously undocumented malicious code that the attackers used to move through victim networks and then transmit additional malware onto specific computers. The attackers installed the malicious code, dubbed Raindrop. READ MORE...
FBI Warns of Employee Credential Phishing via Phone, Chat
The Federal Bureau of Investigation has issued a Private Industry Notification (PIN) to warn of attacks targeting enterprises, in which threat actors attempt to obtain employee credentials through vishing or chat rooms. Taking advantage of the COVID-19 pandemic, which has forced the broad adoption of telework, cyber-criminals and threat actors are attempting to exploit possible misconfiguration and lack of monitoring for remote network access and user privileges. READ MORE...
Dnsmasq vulnerabilities open networking devices, Linux distros to DNS cache poisoning
Seven vulnerabilities affecting Dnsmasq, a caching DNS and DHCP server used in a variety of networking devices and Linux distributions, could be leveraged to mount DNS cache poisoning attack and/or to compromise vulnerable devices. "Some of the bigger users of Dnsmasq are Android/Google, Comcast, Cisco, Red Hat, Netgear, and Ubiquiti, but there are many more. All major Linux distributions offer Dnsmasq as a package, but some use it more than others, e.g., in OpenWRT it is used a lot. READ MORE...
Researchers Earn $50,000 for Hacking Apple Servers
A couple of researchers claim they have earned $50,000 from Apple for finding some serious vulnerabilities that gave them access to the tech giant's servers. Harsh Jaiswal and Rahul Maini, India-based bug bounty hunters who specialize in application security, said they discovered the flaws in recent months, being inspired by a group of researchers who in October reported receiving hundreds of thousands of dollars from Apple for a total of 55 vulnerabilities. READ MORE...
- ...in 1809, influential early American mystery and suspense writer Edgar Allen Poe ("The Raven", "The Tell-Tale Heart" ) is born in Boston, MA.
- ...in 1883, the first electric lighting system using overhead wires (built by Thomas Edison) begins service in New Jersey.
- ...in 1955, Dwight D. Eisenhower becomes the first president to hold news conferences to be filmed by TV and newsreels.
- ...in 1977, President Gerald R. Ford pardons Iva Toguri D'Aquino, known for her Japanese propaganda broadcasts as "Tokyo Rose" during World War II.